Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-5263

WebAuthentication does not work across requests (specifying JSessionId)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Obsolete
    • Icon: Major Major
    • No Release
    • JBossAS-4.2.2.GA
    • Security
    • None

    • All

      When cookies are disabled and WebAuthentication is used to do programmatic login, the subsequent requests cannot access a secured resource in spite of specifying the jsessionid.

      Code executed for first request -

      String loginId = request.getParameter("userName");
      String pwd = request.getParameter("password");

      WebAuthentication pwl = new WebAuthentication();
      pwl.login(loginId, pwd);

      System.out.println(request.getSession().getId());

      Next, access a secured resource using the sessionid printed above -

      http://localhost:8080/tester/securepage.jsp;jsessionid=3DD43722A08682D91623FDE362D10275?key1=value1

      This access does not go to securepage.jsp, instead takes the user back to login page.

              anil.saldhana Anil Saldanha (Inactive)
              vinodkrishna.bhat Vinod Bhat (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: